/// <summary>
/// Validates the http challenge
/// </summary>
/// <param name="challenge"><see cref="IChallenge"/></param>
private void ValidateHttpChallenge(IChallenge challenge)
{
var authz = AuthorizationRepository.GetById(challenge.AuthorizationId) ?? throw new MalformedException("Cannot get Authorization by Id");
var url = $"http://{authz.Identifier.Value}/.well-known/acme-challenge/{challenge.Token}";
var request = (HttpWebRequest)WebRequest.Create(url);
#if !DEBUG
var response = (HttpWebResponse)request.GetResponse();
if (response.StatusCode == HttpStatusCode.OK)
{
var stream = response.GetResponseStream();
var reader = new StreamReader(stream);
var text = reader.ReadToEnd();
//Accounts.GetById(challenge.Authorization.AccountId
var account = AccountService.GetById(authz.AccountId);
var thumbprint = Base64Url.Encode(account.Key.GetThumbprint());
var controlValue = $"{challenge.Token}.{thumbprint}";
if (!controlValue.Equals(text))
{
var errMessage = "The key authorization file from the server did not match this challenge.";
throw new UnauthorizedException(errMessage);
}
}
else
{
throw new Exception("Respons status is not 200(OK)");
}
#else
Logger.Warn("HTTP challenge validation is disabled fo DEBUG mode");
#endif
}
public void GetById_Null()
{
// Init
var repo = new AuthorizationRepository();
// Create authz
var authz = repo.Create();
authz.Identifier.Type = "dns";
authz.Identifier.Value = "some.test.com";
authz.Status = AuthorizationStatus.Pending;
repo.Add(authz);
// Get authz by Id
var authz2 = repo.GetById(9); // wrong id
Assert.Null(authz2);
}
/// <summary>
/// Assign values from <see cref="IOrder"/> to JSON <see cref="Order"/>.
/// For expended objects need add assign values
/// </summary>
/// <param name="order">JSON <see cref="Order"/></param>
/// <param name="data"><see cref="IOrder"/></param>
protected virtual Order OnToOrderConvert(Order order, IOrder data)
{
var authzs = OrderAuthorizationRepository.GetByOrder(data.Id)
.Select(o => AuthorizationRepository.GetById(o.AuthorizationId))
.ToArray();
order.Identifiers = authzs.Select(o =>
new Identifier(o.Identifier.Type, o.Identifier.Value)).ToArray();
order.Authorizations = authzs.Select(o => $"{Options.BaseAddress}authz/{o.Id}").ToArray();
order.Status = data.Status;
order.NotBefore = data.NotBefore;
order.NotAfter = data.NotAfter;
order.Expires = data.Expires;
order.Error = data.Error == null ? null : ToError(data.Error);
order.Finalize = $"{Options.BaseAddress}finalize/{data.Id}";
order.Certificate = data.Certificate?.RawData == null ? null : $"{Options.BaseAddress}cert/{data.Certificate.Thumbprint}";
return(order);
}
/// <inheritdoc/>
public IAuthorization GetById(int accountId, int authzId)
{
var authz = AuthorizationRepository.GetById(authzId);
if (authz == null)
{
throw new MalformedException("Authorization doesn't exist");
}
var updatedAuthz = RefreshStatus(authz);
AccountSecurityService.CheckAccess(new AccountAccess
{
Account = AccountService.GetById(accountId),
Target = updatedAuthz,
});
return(updatedAuthz);
}
